Position Dependent Or Authenticating Patents (Class 380/258)
  • Patent number: 8644512
    Abstract: In an aspect, the invention features a method for mission planning. The method includes displaying a graphical representation of a geographical area and displaying a graphical representation of one or more regions within the geographical area. The method also includes accepting a specification of geographical regions from a user, accepting a specification of a set of one or more receivers from the user, and accepting a specification of resource access rights associated with the specific one of the geographical regions from the user. The method also includes remotely causing access to a vehicle's resources to be provided or denied to the specified set of one or more receivers based on their association with the specific one of the geographical regions specified by the user when the vehicle is within the specific one of the geographical regions specified by the user.
    Type: Grant
    Filed: March 17, 2011
    Date of Patent: February 4, 2014
    Assignee: Massachusetts Institute of Technology
    Inventors: Roger Khazan, Adam Shawn Petcher, Daniil M. Utin
  • Patent number: 8644511
    Abstract: A method of providing access to content based upon one or more adequately-credentialed keys being proximate to a certain location. The method includes a first step of acquiring credential information from at least one key tagged with credential information using a credential acquisition device (CAD) at the certain location. The method also includes a second step of confirming that the credential information meets requirements for receiving the content. Further, the method includes a step of providing access to the content after performing the first and second steps.
    Type: Grant
    Filed: November 5, 2008
    Date of Patent: February 4, 2014
    Assignee: Comcast Cable Communications, LLC.
    Inventor: Michael A. Chen
  • Patent number: 8635665
    Abstract: Aspects for secure access and communication of information in a distributed media network may include detecting when a legacy media peripheral is connected to a PC and/or a media processing system on the distributed media network. One or more identifiers associated with the legacy media peripheral may be established and utilized to facilitate communication of the legacy media peripheral over the distributed media network. At least one legacy media peripheral identifier and at least one identifier of a user utilizing the legacy media peripheral may be requested. The legacy media peripheral identifier may be a serial number of the legacy media peripheral, while the user identifier may be a user password and/or a user name. Media peripheral association software may be executed on the PC and/or the media processing system and utilized for media peripheral association and authentication in accordance with various embodiments of the invention.
    Type: Grant
    Filed: October 25, 2012
    Date of Patent: January 21, 2014
    Assignee: Broadcom Corporation
    Inventors: Jeyhan Karaoguz, James D. Bennett
  • Patent number: 8630933
    Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.
    Type: Grant
    Filed: April 10, 2013
    Date of Patent: January 14, 2014
    Assignee: Open Invention Network, LLC
    Inventors: Philip D. Lapsley, Michael Kleeman, Philip J. Gioia
  • Patent number: 8630932
    Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.
    Type: Grant
    Filed: August 16, 2012
    Date of Patent: January 14, 2014
    Assignee: Open Invention Network, LLC
    Inventors: Philip D. Lapsley, Philip J. Gioia, Michael Kleeman
  • Patent number: 8625796
    Abstract: A method for facilitating authentication automatically logs the user in to an application multiple times as long as the user has not left the proximity of the terminal since the last successful login.
    Type: Grant
    Filed: November 30, 2012
    Date of Patent: January 7, 2014
    Inventor: Mourad Ben Ayed
  • Patent number: 8612774
    Abstract: A set-top-box has on-chip OTP memory emulated using an external flash memory and a series of on-chip fuses. The external memory is comprised of one or more regions, each having its own unique region identification. Each on-chip fuse corresponds to one of the memory regions and comprises a component which can be caused to change to a particular (blown) state irreversibly. When data first needs to be written to a region of the external memory, the identification of that region is appended to the data itself together with a parity field and a validity field. The resultant data packet is then encrypted by a cryptographic circuit using a secret key unique to the set-top-box and the encrypted data packet is written to the specified region of the external memory. Then, the on-chip fuse corresponding to the region that has been written to is irreversibly blown, effectively locking that region.
    Type: Grant
    Filed: September 27, 2005
    Date of Patent: December 17, 2013
    Assignee: STMicroelectronics (Research & Development) Limited
    Inventor: Andrew Dellow
  • Patent number: 8611936
    Abstract: A mobile device for the display of messages includes a message viewer application for displaying segments of the message received from a server. The message can include content that is encoded in a first encoding that is renderable for display on the device, and the same content encoded in a second encoding. On determination that the received portion of the message includes a first part comprising content encoded in a first encoding and is renderable for display, first displayable portion of the message content, the server is signalled to halt forwarding further segments of the message.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: December 17, 2013
    Assignee: BlackBerry Limited
    Inventors: Neil Patrick Adams, Herbert Anthony Little, Michael Stephen Brown, Michael Kenneth Brown
  • Publication number: 20130315392
    Abstract: The invention relates to a system and method, by means of which the availability of readable contents (books, magazines, documents) can be linked according to location. The invention further relates to an electronic terminal, in particular a mobile reading device, having means for carrying out said method, and to the use of such an electronic terminal.
    Type: Application
    Filed: December 6, 2011
    Publication date: November 28, 2013
    Applicant: TXTR GmbH
    Inventor: Andreas Steinhauser
  • Patent number: 8590007
    Abstract: A method and system for authenticating an internet user identity by cross-referencing and comparing at least two independent sources of information. A first IP address of an internet user is identified and the geographical location of the first IP address is traced to determine a first location. The geographical location of a communication voice device of said internet user is identified to determine a second location. The first and second locations are compared for geographical proximity to confirm the identity of the internet user. Based upon geographical proximity of said locations, a score is assigned to the internet user, and access to a website is allowed or limited based upon said score. Alternatively, additional authentication information can be required or access can be terminated.
    Type: Grant
    Filed: April 18, 2006
    Date of Patent: November 19, 2013
    Inventor: Guy Heffez
  • Patent number: 8589675
    Abstract: An authentication method, a server, and a terminal for a wireless local area network (WLAN) are provided. The method includes: redirecting a Hypertext Transfer Protocol (HTTP) request message sent by a WLAN terminal to an address of a login webpage of a WLAN network and returning the redirected HTTP request message to the WLAN terminal; sending authentication request information carrying an International Mobile Subscriber Identity (IMSI) identifier of a Subscriber Identity Module (SIM) card sent by the WLAN terminal to an Authentication/Authorization/Accounting (AAA) server corresponding to the address of the login webpage of the WLAN network, such that the AAA server performs authentication based on the IMSI identifier.
    Type: Grant
    Filed: February 8, 2012
    Date of Patent: November 19, 2013
    Assignee: Huawei Device Co., Ltd.
    Inventor: Zhen Zhong
  • Patent number: 8588416
    Abstract: A system and methods for secure communication are disclosed. A network packet comprising an encrypted network address comprising an unencrypted network address encrypted by a first GPS time and a first pseudo random number is received. The encrypted network address is decrypted using the first GPS time and the first pseudo random number to provide the unencrypted network address. The network packet is transmitted based on the unencrypted network address.
    Type: Grant
    Filed: January 12, 2012
    Date of Patent: November 19, 2013
    Assignee: The Boeing Company
    Inventors: Ted Eigle, Eric J. Andrews, Ceilidh Hoffmann
  • Patent number: 8583918
    Abstract: A wireless communication system includes a plurality of terminals connected to at least one wireless network on the basis of authority of security configuration parameters shared by the plurality of terminals. Each of the plurality of terminals revokes security configuration parameters of the terminal itself or security configuration parameters of another terminal in accordance with an agreement with said another terminal.
    Type: Grant
    Filed: October 13, 2011
    Date of Patent: November 12, 2013
    Assignee: Sony Corporation
    Inventor: Hideyuki Suzuki
  • Patent number: 8565434
    Abstract: Certain embodiments allow security keys to be maintained across mobile device states, or communication events, such as hand-over, and system idle and sleep power savings modes. By monitoring the lifetime of security keys, keys may be refreshed in an effort to ensure key lifetimes will not expire during a hand-over process or other device unavailable state.
    Type: Grant
    Filed: May 27, 2008
    Date of Patent: October 22, 2013
    Assignee: QUALCOMM Incorporated
    Inventors: Shan Qing, Tom Chin
  • Patent number: 8565430
    Abstract: A method, system, and medium are provided for validating the identity or authority of a user of a wireless device to consent to providing geographic locations of their respective wireless device to a third-party application. Upon receiving a request to validate the authority of a user to consent to providing of geographic locations, the user is automatically redirected to a validation service portal. The validation service portal verifies the identity or authority of the user to consent by requiring the user to provide identification information. The identification information is compared to identification information in one or more databases to determine if the user has the authority to consent. An indication is provided by the validation service portal to the third-party application of whether the user has the authority to consent. The third-party application then initiates location-based services based on the indication.
    Type: Grant
    Filed: June 19, 2008
    Date of Patent: October 22, 2013
    Assignee: Sprint Communications Company L.P.
    Inventors: John R. Schuler, Rodney D. Nelson, Michael P. McMullen, Geetha R. Thati
  • Patent number: 8548170
    Abstract: A document accessible over a network can be registered. A registered document, and the content contained therein, cannot be transmitted undetected over and off of the network. In one embodiment, a plurality of stored signatures are maintained in a signature database, each signature being associated with one of a plurality of registered documents. In one embodiment, the signature database is maintained by de-registering documents by removing the signatures associated with de-registered documents. In one embodiment, the database is maintained by removing redundant and high detection rate signatures. In one embodiment, the signature database is maintained by removing signatures based on the source text used to generate the signature.
    Type: Grant
    Filed: May 25, 2004
    Date of Patent: October 1, 2013
    Assignee: McAfee, Inc.
    Inventors: Ratinder Paul Singh Ahuja, Matthew Howard, Rick Lowe, Erik de la Iglesia, William Deninger
  • Patent number: 8542825
    Abstract: This specification describes technologies relating to imparting cryptographic information in network communications.
    Type: Grant
    Filed: June 10, 2011
    Date of Patent: September 24, 2013
    Assignee: Adobe Systems Incorporated
    Inventors: Asa Whillock, Edward Chan, Srinivas Manapragada, Matthew Kaufman, Pritham Shetty, Michael Thornburgh
  • Patent number: 8543815
    Abstract: A method for authenticating a first party with a second party, the first and second parties having means for communicating with each other, the first party having secret information and supporting a plurality of authentication modes for authenticating the first party with another party, using said secret information, the authentication modes of said plurality being arranged for protecting the first party's privacy with respective degrees. A degree with which the first party's privacy must be protected when authenticating the first party with the second party is negotiated between the first party and the second party. If the negotiation is successful, the first party is authenticated with the second party according to the authentication mode of said plurality having the negotiated degree of protection of the first party's privacy.
    Type: Grant
    Filed: September 28, 2006
    Date of Patent: September 24, 2013
    Assignee: Apple Inc.
    Inventor: Thierry Lucidarme
  • Patent number: 8539569
    Abstract: In accordance with embodiments of the present disclosure, systems and methods for facilitating network transactions include user authentication over a network by providing strong mutual authentication of client web application to server side application server, providing session encryption key negotiation after authentication to continue encryption during communication, and providing a high-level encryption technique referred to as an effective zero knowledge proof of identity (eZKPI) algorithm. In various implementations, the eZKPI algorithm is adapted to couple something the user Knows (e.g., a password or personal identification number) with something the user Has (e.g., a secure identification card) to create a stronger identity authentication proof for access to a mobile device and applications running on the mobile device.
    Type: Grant
    Filed: March 31, 2010
    Date of Patent: September 17, 2013
    Assignee: eBay Inc.
    Inventor: Rasta A Mansour
  • Patent number: 8533793
    Abstract: An invention is afforded for providing security for a protected network resource. The system includes a network access apparatus in communication with a receiver that receives signals from a remote source. The network access apparatus is capable of collecting current microprint data for the receiver, which is a plurality of values based on data values received at the receiver over a predefined period of time, for example, forty-five seconds. The system also includes an authentication computer in communication with the network access apparatus. The authentication computer has access to an LSDF for the receiver, which is a plurality of values based on data values received at the receiver over a predefined period of time, for example, a twenty-four hour period of time.
    Type: Grant
    Filed: February 26, 2011
    Date of Patent: September 10, 2013
    Assignee: Digital Authentication Technologies, Inc.
    Inventor: David A. Hanna, Jr.
  • Patent number: 8531334
    Abstract: A wireless computing device includes an antenna that is configured to transmit and receive wireless signals. The wireless computing device comprises a transmitter component that causes a first wireless signal to be transmitted to a wireless access point via the antenna, wherein the first wireless signal comprises a request for a location proof, wherein the request for the location proof comprises data that identifies the wireless computing device, and wherein the location proof comprises data that is indicative of a geographic location of the wireless access point. The system also includes a receiver component that receives, via the antenna, a second wireless signal from the wireless access point, wherein the second wireless signal is received by the receiver component subsequent to the transmitter component causing the first wireless signal to be transmitted to the wireless access point.
    Type: Grant
    Filed: November 6, 2009
    Date of Patent: September 10, 2013
    Assignee: Microsoft Corporation
    Inventors: Alastair Wolman, Stefan Saroiu
  • Patent number: 8533810
    Abstract: An Operations, Administration, and Maintenance (OA&M) 16 provides security for managed resources on a wireless client device 10 at many levels of granularity, from the entire device, to subsystems, to software and hardware components, services and applications, down to individual attributes.
    Type: Grant
    Filed: March 8, 2011
    Date of Patent: September 10, 2013
    Assignee: Intel Corporation
    Inventor: Casey Bahr
  • Patent number: 8520670
    Abstract: A node device provides secure communication services over a data network, such as the Internet or another public or private packet switched network, to multiple computers that are coupled through the node device and multiple other node devices. The node device includes a network communication interface for coupling the node device to the data network. The node device includes a data storage containing cryptographic information including information that is unique to the node device. The node device also includes a tunneling communication service coupled to the network interface configured to maintain an encrypted communication tunnel with each of multiple other node devices using the cryptographic information. For example, the encrypted communication tunnels are implemented using the IPsec or PPTP protocols. The node device includes a routing database for holding routing data and a router coupled to the tunneling communication service and to the routing database.
    Type: Grant
    Filed: September 8, 2008
    Date of Patent: August 27, 2013
    Assignee: RPX Corporation
    Inventors: Michael L. Giniger, Warren S. Hilton
  • Patent number: 8509440
    Abstract: A network component comprising at least one processor configured to implement a method comprising deriving a Master Session Key (MSK) using a secret key and at least one parameter obtained from an Extensible Authentication Protocol (EAP) sequence, deriving a first Pairwise Master Key (PMK) and a second PMK from the MSK, authenticating with a home gateway (HG) using the first PMK, and authenticating with an end point using the second PMK. Included is an apparatus comprising a node comprising an access controller (AC) and a protocol for carrying authentication for network access (PANA) Authentication Agent (PAA), wherein the AC is configured to manage authentication for a UE, and wherein the PAA is configured to implement a PANA to forward authentication information related to the UE.
    Type: Grant
    Filed: August 15, 2008
    Date of Patent: August 13, 2013
    Assignee: Futurewei Technologies, Inc.
    Inventor: John Kaippallimalil
  • Patent number: 8503677
    Abstract: A communication device receives secure communication frames on which a security transform has been performed to permit authentication. The communication device maintains an authentication history and a local time varying parameter. In multi-hop communication, the communication device provisionally verifies the freshness of a received secure communication frame by verifying that identifying information extracted from the frame is not already present in the authentication history and that a received time varying parameter extracted from the frame is not older than the local time varying parameter by more than a certain margin. If these freshness tests both pass, the frame is authenticated. If authentication succeeds, the frame is transmitted on the next hop without performance of a new security transform.
    Type: Grant
    Filed: November 18, 2010
    Date of Patent: August 6, 2013
    Assignee: Oki Electric Industry Co., Ltd.
    Inventors: Taketsugu Yao, Kiyoshi Fukui, Jun Nakashima
  • Patent number: 8495359
    Abstract: A system for securing an electronic communication comprises a gateway server configured to receive and store a device identifier and a network address from a first computing device. The device identifier identifies the first computing device, and the network address is associated with the first computing device. Thereafter, the gateway server receives from a second computing device the network address of the first computing device and an encryption key request. The gateway server derives from the device identifier for the first computing device an encryption key and sends the encryption key to the second computing device. A communication from the second computing device to the first computing device may thereafter be secured using the encryption key. A related method of securing an electronic communication is also disclosed.
    Type: Grant
    Filed: June 2, 2010
    Date of Patent: July 23, 2013
    Assignee: NetAuthority
    Inventor: Craig Stephen Etchegoyen
  • Patent number: 8484449
    Abstract: There is provided a program for making a computer perform a first procedure for verifying whether a platform guaranteeing that device identification data for identifying a communication device cannot be rewritten by the user is provided in the communication device, a second procedure for verifying whether the device identification data included in a registration request received from the communication device is not yet registered, and a third procedure for registering the device identification data included in the registration request and issuing user identification data to the user when the program determines in the first procedure that the platform is provided and determines in the second procedure that the device identification data is not yet registered.
    Type: Grant
    Filed: April 27, 2005
    Date of Patent: July 9, 2013
    Assignee: Sony Corporation
    Inventors: Yasunori Yasuda, Ikuo Shinozaki
  • Patent number: 8478266
    Abstract: A mobile node and its home system generate synchronized time-based codes at periodic time intervals. Each time-based code is valid for a predetermined time period. To facilitate anonymous operation when roaming, the mobile node identifies itself with a coded identifier instead of a public identifier. The coded identifier used at a given time includes the time-based code that is valid for that given time. To authenticate the mobile node, a serving system receives authentication information from the mobile node and forwards the authentication information to a home system. The authentication information includes the current time-based code and a timestamp. The home system identifies the mobile node from the current time-based code and the timestamp. The home system then uses the authentication information to authenticate the mobile node.
    Type: Grant
    Filed: March 7, 2006
    Date of Patent: July 2, 2013
    Assignee: Sprint Spectrum L.P.
    Inventors: Tong Zhou, George Jason Schnellbacher
  • Patent number: 8478985
    Abstract: An improved method, apparatus, and computer instructions for processing outbound traffic passing through a port. This port is for a server and receives a request from a client. The request includes a universal resource identifier to a destination. A determination is made as to whether the request requires encryption using the universal resource identifier in the request. The request is sent through the port to the destination in an encrypted form, in response to a determination that the request requires encryption.
    Type: Grant
    Filed: June 12, 2008
    Date of Patent: July 2, 2013
    Assignee: International Business Machines Corporation
    Inventors: Alexandre Polozoff, Kulvir Singh Bhogal
  • Patent number: 8472627
    Abstract: Access to digital data is controlled by encrypting the data in such a manner that it can be decrypted only at a specified location, within a specific time frame, and with a secret key. Data encrypted in such a manner is said to be geo-encrypted. This geo-encryption process comprises a method in which plaintext data is first encrypted using a data encrypting key that is generated at the time of encryption. The data encrypting key is then encrypted (or locked) using a key encrypting key and information derived from the location of the intended receiver. The encrypted data encrypting key is then transmitted to the receiver along with the ciphertext data. The receiver both must be at the correct location and must have a copy of the corresponding key decrypting key in order to derive the location information and decrypt the data encrypting key.
    Type: Grant
    Filed: November 20, 2006
    Date of Patent: June 25, 2013
    Assignee: Geocodex LLC
    Inventors: Dorothy E. Denning, Barry J. Glick, Ronald S. Karpf, Mark E. Seiler
  • Patent number: 8464323
    Abstract: An authentication apparatus performs local and global corrections on image data. Local correction uses the shape of a local line indicated by line information contained in a neighboring region on image data whose feature value extracted from the shape of a line is used for authentication. Global correction uses the shape of a global line indicated by line information contained in a region larger than the neighboring region. The authentication apparatus calculates the difference between line information contained in image data corrected by local correction and line information contained in image data corrected by global correction and compares the difference with a threshold. If the difference is less than the threshold, the authentication apparatus outputs, as line information contained in image data, line information corrected by local correction and, if the difference is greater, it outputs, as line information contained in image data, line information corrected by global correction.
    Type: Grant
    Filed: December 29, 2010
    Date of Patent: June 11, 2013
    Assignee: Fujitsu Limited
    Inventor: Narishige Abe
  • Patent number: 8453005
    Abstract: An invention is provided for monitoring an item, such as a container. The invention includes a computer in communication with a receiver that receives signals from a remote source. A transmitter in communication with the computer receives values from the computer based on the signals received from the remote source. These values are then transmitted to a security device associated with the item, which includes an authentication table comprising a plurality of initial values. The security device then records values transmitted from the transmitter. The values can be jitter values, with each jitter value being a difference in arrival times of at least two timing signals from the same remote source.
    Type: Grant
    Filed: May 20, 2009
    Date of Patent: May 28, 2013
    Assignee: Digital Authentication Technologies, Inc.
    Inventors: Roger R. Dube, Richard L. Morgenstern
  • Patent number: 8452680
    Abstract: Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant.
    Type: Grant
    Filed: October 28, 2011
    Date of Patent: May 28, 2013
    Assignee: Open Invention Network, LLC
    Inventors: Philip D. Lapsley, Philip J. Gioia, Michael Kleeman
  • Patent number: 8443438
    Abstract: Systems and methods for deploying agents for a management system across IT infrastructure in an automated fashion are disclosed herein. Embodiments of the present invention allow agents to be substantially automatically deployed or configured in conjunction with previously unknown or newly added application components. More specifically, embodiments of the present invention may track traffic associated with application components to identify unknown application components. Agents may then be deployed to monitor these newly identified application components.
    Type: Grant
    Filed: September 6, 2006
    Date of Patent: May 14, 2013
    Assignee: BMC Software, Inc.
    Inventors: Azriel Razi Sharir, Noam Birnbaum
  • Patent number: 8443202
    Abstract: A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction and determining whether the transaction requires access to protected resources. Moreover, the method determines whether inputted information is known, determines a state of a communications device when the inputted information is known, and transmits a biometric authentication request from a server to an authentication system when the state of the communications device is enrolled.
    Type: Grant
    Filed: August 5, 2009
    Date of Patent: May 14, 2013
    Assignee: Daon Holdings Limited
    Inventors: Conor Robert White, Michael Peirce, Jason Scott Cramer, Chet Bradford Steiner, Suzanna Diebes
  • Patent number: 8443458
    Abstract: An object of the present invention is to provide a mechanism for tamper detection of electronic devices (110) in closed units which is robust and low cost. The object is achieved by a method in an electronic device (110) for detecting if a cover (100) enclosing the electronic device (110) has been opened. The cover (100) comprises an enclosing assembly (250) which is adapted to fasten the cover (100) into a closed position. The electronic device (110) comprises a non volatile memory (120). The non volatile memory (120) comprises a stored reference signature associated to the enclosing assembly (250) when the cover (100) was fastened into a closed position. The method comprises the following steps: Creating (1003) a signature associated to the enclosing assembly (250). Comparing (1004) the created signature with the reference signature. Detecting (1007) that the cover (100) has been opened when the comparing (1004) results in a difference.
    Type: Grant
    Filed: January 16, 2008
    Date of Patent: May 14, 2013
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventor: Dan Anders Lindqvist
  • Patent number: 8437742
    Abstract: Systems and methods for implementing a location token service (LTS) to enhance the security of mobile device identity tokens by using the location of the mobile device to augment the tokens. The LTS enforces re-authentication (login) of the mobile device to one or more applications if the mobile device moves beyond a threshold distance from the location of the last use of the token within a time period defined in a temporal threshold. The LTS increases authentication strength and drastically reduces the potential for spoofing or otherwise permitting unauthorized access to one or more applications on the mobile device.
    Type: Grant
    Filed: October 16, 2009
    Date of Patent: May 7, 2013
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Robert Garskof
  • Patent number: 8424065
    Abstract: A system for centrally managing credential information of a user and a virtual object of a user across a plurality of virtual worlds (or corresponding virtual world servers) is disclosed. The system includes an identity service module for managing an authentication request (e.g., verifying credential information of a user) from a user and an inventory service module for managing virtual properties of a user. Furthermore, a method for logging in a virtual world by using the system is disclosed. A method for teleporting a virtual property from a virtual world to another virtual world by using the system is disclosed. A method for logging out from a virtual world by using the system is also disclosed.
    Type: Grant
    Filed: November 25, 2009
    Date of Patent: April 16, 2013
    Assignee: International Business Machines Corporation
    Inventors: Boas Betzler, Neil A. Katz, Gang Wang, Meng Ye, Zi Yu Zhu
  • Patent number: 8391487
    Abstract: In one embodiment, the present invention is a method for providing a secure remote configuration. The method includes obtaining a signed configuration file (S-CF) from a storage using a device identity of the device, wherein the device identity of the device is linked with a location of the device. A validated configuration file (V-CF) is then generated using the S-CF. At least one device parameter is then configured using the V-CF. In another embodiment, the present invention is a method for providing a signed configuration file (S-CF) to the device. The method includes processing a request for an S-CF from the device, wherein the request comprises a device identity of the device. A location of the device is then determined using a location database and the device identity of the device. A configuration file (CF) for the location of the device is then obtained from a storage. An S-CF is then generated using the CF. The S-CF is then provided to the device.
    Type: Grant
    Filed: July 24, 2007
    Date of Patent: March 5, 2013
    Assignee: Cisco Technology, Inc.
    Inventor: Johannes Petrus Kruys
  • Patent number: 8391488
    Abstract: A data encryption and decryption system securely geoencrypts data using location-dependent navigation signals. To increase the entropy of the cryptographic key to guard against a brute-force attack, geoencryption is made to depend on largely time-independent characteristics of the navigation signals that are not easily spoofed, including the time difference of arrival, the envelope-to-cycle difference, the differential signal-to-noise, the signal envelope shape, and the directions of arrival of the navigation signal set.
    Type: Grant
    Filed: January 15, 2009
    Date of Patent: March 5, 2013
    Assignees: Geocodex LLC, Leland Stanford Junior University
    Inventors: Di Qiu, Sherman Lo, Per Enge, Logan Scott, Dan Boneh, Ron Karpf
  • Patent number: 8387084
    Abstract: Systems and methods for detecting unauthorized use of a user equipment device are provided. An instruction is transmitted, using communications circuitry of a handheld device, to the user equipment device directing the user equipment device to display a unique identifier associated with the user equipment simultaneously with media content. An image of the media content and unique identifier simultaneously displayed on a display screen coupled to the user equipment device is captured using camera equipment of the handheld device. The image is automatically processed with the handheld device to extract the unique identifier from the image. The extracted unique identifier is cross-referenced, using the handheld device, with user account information associated with the user equipment device to determine whether use of the user equipment device is unauthorized.
    Type: Grant
    Filed: September 28, 2011
    Date of Patent: February 26, 2013
    Assignee: United Video Properties, Inc.
    Inventors: Walter R. Klappert, Daniel Thomas Ward, Greg DeCamp, Haig Krakirian, Thomas Patrick Antalek
  • Patent number: 8378786
    Abstract: Enhanced security is provided in an RFID system comprising a plurality of RFID devices and at least one reader which communicates with one or more of the devices. In one aspect of the invention, a first command is transmitted from the reader to write a first data unit to a memory of a given one of the RFID devices. A reply is received in the reader from the given RFID device indicating that a second data unit determined based on contents of the first data unit is available in the memory to be accessed by the reader. A second command is transmitted from the reader to the given RFID device to allow the reader to read the memory to thereby obtain the second data unit. The first and second data units comprise information exchanged as part of a cryptographic protocol carried out between the reader and the given RFID device. In an illustrative embodiment, the cryptographic protocol may comprise a challenge-response authentication protocol.
    Type: Grant
    Filed: February 5, 2007
    Date of Patent: February 19, 2013
    Assignee: EMC Corporation
    Inventors: Daniel Vernon Bailey, Ari Juels
  • Patent number: 8364978
    Abstract: A system for and method of registering devices and applications with cryptographic modules is presented. The system and method prevent devices and applications from operating in conjunction with cryptographic modules unless such devices and applications have previously been registered with the module.
    Type: Grant
    Filed: November 26, 2008
    Date of Patent: January 29, 2013
    Assignee: KOOLSPAN, Inc.
    Inventors: Anthony Fascenda, Emil Sturniolo
  • Patent number: 8359649
    Abstract: Computer implemented methods, apparatus, and computer-readable media for detecting suspected spam in e-mail (24) originating from a sending computer (21). A method embodiment comprises the steps of determining (11) the actual IP address (23) of the sending computer (21); converting (12) the actual IP address (23) into geo-location data; and, using the geo-location data, ascertaining (13) whether the e-mail (24) contains suspected spam.
    Type: Grant
    Filed: July 5, 2011
    Date of Patent: January 22, 2013
    Assignee: Symantec Corporation
    Inventors: William E. Sobel, Bruce E. McCorkendale
  • Patent number: 8351609
    Abstract: One or more rights objects (RO) files may be used for storing ROs preferably in the protected area available only to authenticated users. A RO navigation file is stored preferably in an unprotected public area containing status bits, where each status bit identifies whether a location in a RO file contains a valid RO or not. Preferably, there is a one-to-one correspondence between the location for a RO in a RO file and a location in the RO navigation file for the status bit which identifies whether its corresponding location in the RO file contains a valid RO or not. Whether a particular location in a RO file contains a valid RO or not can be found by checking its corresponding status bit in the RO navigation file. By finding out whether a particular location in a RO file contains a valid RO or not in this manner, it is possible to delete ROs without having to go through an authentication process. The process of finding an empty slot in the RO file for storing a new RO is also simplified.
    Type: Grant
    Filed: May 5, 2010
    Date of Patent: January 8, 2013
    Assignee: SanDisk Technologies Inc.
    Inventors: Oktay Rasizade, Bahman Qawami, Fabrice Jogand-Coulomb, Robert C. Chang, Farshid Sabet-Sharghi
  • Publication number: 20120328101
    Abstract: In one aspect, a method of mutual certificate authentication between a first device and a second device based on location is described. This embodiment of a method comprises receiving a request from a first device, wherein the request comprises a location of the first device; registering a first public key for the first device in response to the request, wherein the registration associates the first device with the first public key; determining at least one second device that can be accessed by the first device based upon a location of the second device relative to the location of the first device; registering a second public key for the second device, wherein the registration associates the second device with the second public key; sending the second public key to the first device; sending the first public key to the second device; and mutually authenticating the first device to the second device when the first device and the second device are connected.
    Type: Application
    Filed: June 27, 2011
    Publication date: December 27, 2012
    Inventor: Sitaraman Suthamali Lakshminarayanan
  • Patent number: 8340295
    Abstract: A cryptographic system (500) that includes a data stream receiving device (502) configured for receiving a modified data stream representing data entries encrypted using a chaotic sequence of digits. The system also includes user processing devices (503, 505) configured for receiving user access information specifying an initial value for the chaotic sequence of digits and data field location information associated with selected ones of the data entries. The system further includes a synchronized pair of chaotic sequence generators (300) coupled to the user processing devices configured for generating encryption and decryption sequences based on the initial value and the data field location information. The system additionally includes an encryption device (504) and a decryption device (506) coupled to the chaotic sequence generators and the data stream receiving device, the decrypter configured for generating an output data stream from the modified data stream by applying the decryption sequences.
    Type: Grant
    Filed: July 1, 2009
    Date of Patent: December 25, 2012
    Assignee: Harris Corporation
    Inventors: Alan J. Michaels, David B. Chester
  • Patent number: 8340293
    Abstract: The verification system of this invention comprises an image forming apparatus 1 having verification function and a card reader 2 for reading a user ID from a card. The image forming apparatus 1 is capable of performing short-range radio communication with a portable instrument 3. The portable instrument 3 receives a polling command transmitted by the image forming apparatus 1 and sends back its own identification code if it is located near the image forming apparatus 1. The image forming apparatus 1 permits usage of all the functions thereof if it verifies that the user is an officially permitted person according to the user ID read by the card reader 2 and the identification code sent back from the portable instrument 3. Consequently, there is provided a verification system having a high security level and convenient for use or a verification system which permits usage of its apparatus and other related devices within an appropriate range depending on the security level of a verified method.
    Type: Grant
    Filed: May 18, 2007
    Date of Patent: December 25, 2012
    Assignee: Minolta Company, Ltd.
    Inventors: Atsushi Tomita, Katsuaki Tajima, Kenichi Matsumoto, Kazuhiro Araki
  • Publication number: 20120314861
    Abstract: A system and method is provided to determine location information of a portable computing device and, in particular, to a secure and scalable system and method of decoupling and exposing handset originated location information to third parties. The system includes a location platform to determine location information of a remote user, and an encryption service configured to secure the location information of the remote user and send the secure location information to a content provider.
    Type: Application
    Filed: August 21, 2012
    Publication date: December 13, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Pramodh D. NARAYAN, Sri RAMANATHAN, Matthew A. TERRY, Matthew B. TREVATHAN
  • Patent number: 8325922
    Abstract: A security zone key is used to secure data traffic/control messages in a multi-hop wireless relay network. In one embodiment, the security zone key is generated by a base station and passed to relay stations and optionally mobile stations that are to be associated with the security zone. A given base station may implement multiple security zones on the wireless network. The members in each zone share a unique group security association. One or more connections may be assigned to a particular security zone. Data traffic/control messages directed to relay stations in a security zone are processed using the security zone key to enable all relay nodes within the security zone to verify the authenticity of the management message and optionally decode the messages.
    Type: Grant
    Filed: July 21, 2008
    Date of Patent: December 4, 2012
    Assignee: Apple Inc.
    Inventors: Sheng Sun, Guo Qiang Wang